CVE-2026-1629

NVD

https://nvd.nist.gov/vuln/detail/CVE-2026-1629

CWE

https://cwe.mitre.org/data/definitions/672.html

Mattermost versions 10.11.x <= 10.11.10 Fail to invalidate cached permalink preview data when a user loses channel access which allows the user to continue viewing private channel content via previously cached permalink previews until cache reset or relogin.. Mattermost Advisory ID: MMSA-2026-00580

Weakness

The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.

Affected Software

Name	Vendor	Start Version	End Version
Mattermost_server	Mattermost	10.11.0 (including)	10.11.11 (excluding)

References

https://mattermost.com/security-updates

Operation on a Resource after Expiration or Release

Weakness

Affected Software

References